Prox OS Internal Docs
PlatformPackagesBackend

AI-generated Backend Readiness

AI can help build backend code, but backend generation has a higher blast

AI can help build backend code, but backend generation has a higher blast radius than static UI or docs. The default posture is contract-first, fixture-backed, permission-aware, and testable generation.

Why Not Vibe Code Backend Now

  • Backend errors can corrupt data, leak private resources, or grant unintended access.
  • Database schemas are expensive to unwind once migrations and production data exist.
  • Auth, permissions, billing, and audit cannot be designed by UI feel alone.
  • AI-generated backend code needs contracts, fixtures, mock runtime, acceptance checks, and rollback paths before it can be trusted.

Backend AI Generation Gates

Every backend package implementation task should have:

Package boundary doc
OpenAPI or type contract
Data model sketch
Permission model
Test fixtures
Integration test plan
Mock provider
Observability hooks
Rollback plan
Acceptance checklist

If a task cannot name these artifacts, it should stay in docs/planning mode or be narrowed to a smaller contract slice.

Future Backend AI Agents

These are future AI worker roles, not real autonomous production agents today.

AgentScopeHuman reviewer
API Contract AgentOpenAPI, route schemas, response envelopes, error models, client generation readiness.Backend Platform Steward
API Kit AgentHono runtime helper boundaries, middleware order, request context, error handling.Backend Platform Steward
DB Schema AgentDrizzle schema conventions, migrations, fixtures, seed data, migration safety.Backend Platform Steward
Auth Flow AgentSession context, OAuth provider abstraction, anonymous upgrade, token/session rotation.Backend Platform Steward
Permission Policy AgentRBAC/ABAC, scopes, resource checks, app grants, AI tool approvals.Backend Platform Steward
Storage Adapter AgentR2/object contracts, signed URLs, object key policy, lifecycle, quotas.Backend Platform Steward
Media Service AgentVariants, transforms, EXIF cleanup, thumbnails, metadata, provenance.Backend Platform Steward
Search Index AgentSearch contracts, indexing jobs, permission-aware results, ranking fixtures.Backend Platform Steward
Jobs Workflow AgentQueues, retries, dead letters, cron, idempotency, job telemetry.Backend Platform Steward
Webhook Integration AgentProvider events, signatures, replay fixtures, idempotency, event routing.Backend Platform Steward
Agent Runtime AgentAgent runs, tool calls, MCP bridge, human gates, artifacts, permissions.Backend Platform Steward
Audit & Compliance AgentAudit vocabulary, actor/resource refs, correlation IDs, retention, export notes.Backend Platform Steward
Billing AgentPlans, tips, subscriptions, entitlements, usage limits, payment event replay.Backend Platform Steward
Observability AgentLogs, traces, metrics, request IDs, agent telemetry, incident dashboards.Backend Platform Steward
Notification Service AgentNotification contracts, preferences, inbox, digest, email/push bridge.Backend Platform Steward
Test Harness AgentFixtures, mocks, contract tests, replay tests, local adapters, acceptance reports.Backend Platform Steward
Docs Sync AgentKeeps package docs, radar, roadmap, and generated docs site content aligned.Backend Platform Steward

Human Owner Role

Backend Platform Steward owns review of backend package boundaries, schema and migration safety, auth and permission posture, AI-generated backend code, the backend package radar, and the testing strategy.

The steward does not approve live payments, production auth, production database migrations, or sensitive data handling alone. Those areas need explicit founder and specialist review when they become real implementation work.

Allowed AI Work Now

  • Update backend package docs.
  • Draft package boundary checklists.
  • Create test fixture plans.
  • Draft OpenAPI examples without wiring runtime behavior.
  • Review future package dependency graphs.

Disallowed AI Work Now

  • Create the 15 backend packages.
  • Generate production database migrations.
  • Connect OAuth, Stripe, R2, or real webhook providers.
  • Build an agent executor.
  • Write unaudited business side effects.
  • Store secrets or production credentials.

On this page